““WinFixer” MalwareWinFixer” Malware/ Vundo Trojan Malware/ Vundo Trojan Malware

Tries to install these FAKE programs:

WinFixer, WinAntiVirusPro, ErrorSafe, SystemDoctor, WinAntiSpyware, AVSystemCare, WinAntiSpy, Performance Optimizer, StorageProtector, PrivacyProtector, WinReanimator, DriveCleaner, WinspywareProtect, PCTurboPro, FreePCSecure, ErrorProtector, SysProtect, WinSoftware, XPAntivirus, Personal Antivirus, Home Antivirus 20xx, and Ecsecure, Sysprotect, AntiSpywareMaster, WinFixer, AntiVirus 2009, AntiVirus 360, and Virus Doctor.

““Scareware”Scareware”

SYNTAX INTERCHANGEABLE, BECAUSE SYNTAX INTERCHANGEABLE, BECAUSE THEY’RE OFTEN MIXED:THEY’RE OFTEN MIXED:

MalwareMalware VirusVirus TrojanTrojan WormWorm SpywareSpyware ScarewareScareware

WHAT TO DO NOWWHAT TO DO NOW

MAKE SURE YOU HAVE INSTALLED:MAKE SURE YOU HAVE INSTALLED:

Anti-Virus Anti-Virus software WITH UPDATESsoftware WITH UPDATESAnti-SpywareAnti-Spyware software (scanner only) software (scanner only)All Windows “Automatic Updates”All Windows “Automatic Updates”

CATAGORIES OF SECURITY SOFTWARECATAGORIES OF SECURITY SOFTWARE

AntiVirusAntiVirus (realtime and scanner) (realtime and scanner)Norton/Symantec, AVG, TrendMicro, etcNorton/Symantec, AVG, TrendMicro, etc

AntiSpywareAntiSpyware (realtime and scanner, $$) (realtime and scanner, $$)AntiSpyware (scanner, free)AntiSpyware (scanner, free)Malwarebytes, Spybot, Ad-Aware, etc.Malwarebytes, Spybot, Ad-Aware, etc.

HybridHybrid ( (IFEM’s “Symantec Endpoint Protection”)IFEM’s “Symantec Endpoint Protection”)

SuiteSuite (comprehensive, includes firewall and (comprehensive, includes firewall and spam filter) (“Norton 360”)spam filter) (“Norton 360”)

““Microsoft Security Essentials”Microsoft Security Essentials”

WHAT TO DO NOWWHAT TO DO NOW

TestTest your current Anti-Virus & Anti- your current Anti-Virus & Anti-Spyware software (Symantec / Norton, Spyware software (Symantec / Norton, AVG, etc)AVG, etc)

USE THE "EICAR Standard Anti-Virus USE THE "EICAR Standard Anti-Virus Test File“Test File“

FAMILIARIZE YOURSELF with theFAMILIARIZE YOURSELF with the

““Look & Feel”.Look & Feel”.

Optionally, check your websites Optionally, check your websites before going..before going..

McAfee SiteAdvisorMcAfee SiteAdvisor““Family Protection” suitesFamily Protection” suites

WHAT TO DOWHAT TO DOIF YOU GET “HIT”IF YOU GET “HIT”

Look for sudden telltale signs, which Look for sudden telltale signs, which do NOT resemble the name or do NOT resemble the name or Look&Feel of YOUR Virus software, Look&Feel of YOUR Virus software, such as:such as:

WHAT TO DOWHAT TO DOIF YOU GET “HIT”IF YOU GET “HIT”

1) if possible, unplug network cableor shut off wireless router

2) ALT-F43) Windows Task Manager – terminate Browser.4) Shut Off Computer / restart

Disconnecting your network connection is effective at stopping the malware from downloading.

SOMETIMES IT WILL INSTALL AUTOMATICALLY, even without any popups.

WHAT TO DOWHAT TO DOIF YOU GET “HIT”IF YOU GET “HIT”

Then, immediately run a FULL spyware Then, immediately run a FULL spyware scan. Use the FULL scan, scan. Use the FULL scan, notnot the QUICK the QUICK scan.scan.

RemovalRemoval

There are several other products to be found on the Web that claim to have the ability to stop and uninstallWinFixer. Many of these 'solutions' are WinFixer clones!

THE ONLY PRODUCTS WHICH WORK RELIABLY:• Malwarebytes scanner

• “VundoFix”